Method and Apparatuses for Enabling Routing of Data Packets Between a Wireless Device and a Service Provider Based in the Local Service Cloud

ABSTRACT

There is provided a method for constructing a traffic filter enabling routing of data between a wireless device and a Local Service Cloud, LSC, based service provider and a corresponding system, computer program and computer program carrier. There is also provided a method for enabling routing of data packets between a wireless device in a cellular communication network and a Local Service Cloud, LSC, based service provider, a method for routing data packets between a wireless device in a cellular communication network and a Local Service Cloud, LSC, based service provider and corresponding network nodes.

TECHNICAL FIELD

The proposed technology generally relates to a method for constructing atraffic filter enabling routing of data packets between a wirelessdevice and a Local Service Cloud, LSC, based service provider and acorresponding system, computer program and computer program carrier. Italso relates to a method for enabling routing of data packets between awireless device in a cellular communication network and a Local ServiceCloud, LSC, based service provider and a corresponding network node. Theproposed technology also relates to a method for routing data packetsbetween a wireless device in a cellular communication network and aLocal Service Cloud, LSC, based service provider and a correspondingnetwork node.

BACKGROUND

An expectation within the field of network technology is that cloudbased service delivery will be important for future service providers.In the future therefore, it is expected that a lot of client serviceswill be provided in one way or the other by the cloud. Many of thecurrently known and applied cloud technologies are based onorchestration functions as a way to manage the cloud functionality.

The currently utilized approaches are mainly geared towards usingstatically provided filter rules that are configured by cloudmanagement, i.e., orchestration. The rules, or policies, are setstatically and as such cannot adapt to such cases as when a wirelessdevice have downloaded a new application and want to have it processedby the cloud.

A number of approaches has been suggested for managing cloudfunctionalities. In US 20120093074 A1, there is disclosed a UserEquipment, UE, where context,

A number of approaches has been suggested for managing cloudfunctionalities. In US 20120093074 A1, there is disclosed a UserEquipment, UE, where context, including a session context for a breakoutdata session, is stored in a local memory. The session context comprisesa source internet protocol address, IP address, a destination IPaddress, an identifier of a former local breakout gateway LBGW and anidentifier of a new LBGW.

In US 2011/0069659 A1 there is disclosed a method and an apparatus forproviding a Local Break-Out service, LBO service, in a wirelesscommunication system.

In WO 2014014823 A1 there is disclosed a system for controlling localbreakout using a policy infrastructure. The system includes a Policy andChanging Rules Function, PCRF, configured to receive an admissionrequest associated with a subscriber from an eNodeB and, in response tothe admission request, to install a subscriber-specific policy on theeNodeB for implementing local breakout at the eNode B for thesubscriber.

In U.S. Pat. No. 8,724, 509 B2 there is disclosed a method for localIP-access without affecting the access to the operator's core network.The method might be applied in a corporate network provided withmultiple home NodeBs or eNodeBs. The disclosed method deals with localIP-access.

In U.S. Pat. No. 8,462,696 B2 there is provided a mobile terminal thatis configured to detect the availability of a local break-out service toan Internet Protocol gateway GW, and to initiate a network entry to thelocal break-out service and to configure an Internet protocol stack inthe mobile terminal based on the received configuration data. Thepurpose is to configure the client by using DHCP as the protocol. Thisis required in a home GW environment where the Client is trying toaccess the home resources. The disclosed technology is based on thelocal IP-address and access is determined on the basis of theIP-address.

In certain mobile systems, there are solutions for end-user basedpolicies. These policy rules are set by the operator in the PCRF. Thepolicies are set to dynamically configure the PDN-GW, PDN-Gate Way,either when a Client, such as a User Equipment, UE, connects to thenetwork or when a QoS-bearer is activated. Other solutions for homebase-stations are dealing with local-break-out of traffic to the localhome-GW.

Further approaches can be found in Refs [1]-[8].

SUMMARY

The proposed technology aims to provide alternative mechanisms formanaging or controlling cloud functionalities. These mechanisms providefor an efficient routing of data packets between a wireless deviceserved by the functionalities of the cloud and the cloud.

To enable a satisfactory service provided by the functionality of thecloud, the activation of cloud services should preferably be able toincorporate the particular demands from the wireless device requestingthe services. The service should in particular be able to cope with thedynamics of the specific application chosen by the user of the wirelessdevice, and thus to be able to provide a routing of data packets to andfrom cloud based services based on the particular demands of thewireless device. It would in particular be a preferable feature if thedata traffic between the wireless device and the cloud services was moredynamical and tailored to the specific application.

The proposed technology aims to provide mechanisms or functionalitiesthat enables an efficient routing of data packets between a wirelessdevice served by a service provider in a Local Service Cloud, LSC, andthe LSC.

It is an object of the proposed technology to provide methods forconstructing a traffic filter that enables a routing of data packetsbetween a service provider based in a Local Service Cloud, LSC, and awireless device that is requesting an application to be processed by theLSC.

It is a specific object to provide a method that enables routing of datapackets between a wireless device in a cellular communication networkand a Local Service Cloud, LSC, based service provider.

It is another specific object to provide a method performed by a networknode serving the wireless device in the cellular communication networkfor routing data packets between a wireless device in a cellularcommunication network and a Local Service Cloud, LSC, based serviceprovider.

Yet another specific object of the proposed technology is to provide asystem for constructing a traffic filter that enables a routing of datapackets between a service provider hosted in a Local Service Cloud, LSC,and a wireless device that is requesting an application to be processedby the LSC.

Still another specific object of the proposed technology is to provide anetwork node configured for routing data packets between a wirelessdevice in a cellular communication network and a Local Service Cloud,LSC, based service provider.

Yet another object is to provide a traffic filter that enables routingof data packets between a wireless device and a LSC based serviceprovider.

Yet another a specific object is to provide a computer programcomprising instructions, which when executed by at least one processor,cause the at least one processor to construct a traffic filter.

These and other objects are met by embodiments of the proposedtechnology.

According to a first aspect, the proposed technology provides a methodfor constructing a traffic filter enabling routing of data between awireless device and a Local Service Cloud, LSC, based service providerproviding service(s) and/or application(s) for the wireless device. Themethod comprises:

-   obtaining information representing the identity of the wireless    device requesting an application to be processed by the local cloud    based service, and a representation of an application identity    identifying the application;-   selecting, based on the application identity, a Virtual Machine, VM,    as the LSC based service provider suitable to process the    application for the wireless device;-   constructing a traffic filter based on the information representing    the identity of the wireless device, the representation of the    application identity and a representation of the identity of the    selected VM, the traffic filter providing routing of data between    the wireless device and the selected VM.

According to a second aspect the proposed technology provides a methodfor enabling routing of data packets between a wireless device in acellular communication network and a Local Service Cloud, LSC, basedservice provider providing service(s) and/or application(s) for thewireless device. The method comprises the steps of:

-   installing a Local Break-Out, LBO, function in a network node    serving the wireless device, the LBO function comprising a traffic    filter constructed according to the first aspect enabling routing of    data packets between the Local Service Cloud based service provider    and the wireless device; and-   configuring the LBO function in the network node to select, also    referred to as break out, data packets from the wireless device to    be directed to the Local Service Cloud based service provider by    means of the traffic filter and insert, also referred to as break    in, data packets from the Local Service Cloud based service provider    into a packet flow to be carried by the bearer and to be routed to    the wireless device by means of the traffic filter.

According to third aspect the proposed technology a method for routingdata packets between a wireless device in a cellular communicationnetwork and a Local Service Cloud, LSC, based service provider providingservice(s) and/or application(s) for the wireless device. The method isperformed by a network node serving the wireless device in the cellularcommunication network, and the method comprises the steps of:

-   selecting, also referred to as breaking out, data packets from the    wireless device to be routed to the LSC based service provider; and-   inserting , also referred to as breaking in, data packets from the    LSC based provider into a packet flow to be routed to the wireless    device,-   wherein the data packets are routed by means of a traffic filter    constructed according to the first aspect.

According to a fourth aspect, the proposed technology provides a systemconfigured to construct a traffic filter enabling routing of databetween a wireless device and a Local Service Cloud, LSC, based serviceprovider providing service(s) and/or application(s) for the wirelessdevice. The system is configured to obtain information representing theidentity of the wireless device requesting an application to beprocessed by the local cloud based service, and a representation of anapplication identity identifying the application. The system is alsoconfigured to select, based on the application identity, a VirtualMachine, VM, as the LSC based service provider suitable to process theapplication for the wireless device. The system is furthermoreconfigured to construct a traffic filter based on the informationrepresenting the identity of the wireless device, the representation ofthe application identity and a representation of the identity of theselected VM, the traffic filter providing routing of data between thewireless device and the selected VM.

According to a fifth aspect, the proposed technology provides a networknode serving a wireless device in a cellular communication network andbeing configured to enable routing of data packets between the wirelessdevice and a Local Service Cloud, LSC, based service provider providingservice(s) and/or application(s) for the wireless device. The networknode comprises an installed Local Break-Out, LBO, function, configuredto select, also referred to as break out, data packets from the wirelessdevice to be directed to the Local Service Cloud based service providerby means of the traffic filter and insert, also referred to as break in,data packets from the Local Service Cloud based service provider into apacket flow to be carried by the bearer and to be routed to the wirelessdevice by means of the traffic filter. The LBO function comprises atraffic filter constructed by the system according to the fourth aspect,which enables a routing of data packets between the Local Service Cloudbased service provider and the wireless device; and

According to a sixth aspect, the proposed technology provides a networknode, serving a wireless device in the cellular communication network,and configured for routing data packets between a wireless device in acellular communication network and a Local Service Cloud, LSC, basedservice provider providing service(s) and/or application(s) for thewireless device. The network node is configured to select, also referredto as breaking out, data packets from the wireless device to be routedto the LSC based service provider. The network node is also configuredto insert, also referred to as breaking in, data packets from the LSCbased provider into a packet flow to be routed to the wireless device.The network node is further configured to rout data packets by means ofa traffic filter constructed by the system according to the fourthaspect.

According to a seventh aspect the proposed technology provides acomputer program comprising instructions, which when executed by atleast one processor, cause the processor(s) to:

-   read information representing the identity of the wireless device    requesting an application to be processed by the local cloud based    service, and a representation of an application identity identifying    the application;-   select, based on the application identity, a Virtual Machine, VM, as    the LSC based service provider suitable to process the application    for the wireless device ;-   construct a traffic filter based on the information representing the    identity of the wireless device, the representation of the    application identity and a representation of the identity of the    selected VM, the traffic filter providing routing of data between    the wireless device and the selected VM.

According to an eight aspect the proposed technology provides a carriercomprising the computer program, wherein the carrier is one of anelectronic signal, an optical signal, an electromagnetic signal, amagnetic signal, an electric signal, a radio signal, a microwave signal,or a computer-readable storage medium.

According to a ninth aspect the proposed technology provides a systemfor constructing a traffic filter enabling routing of data between awireless device and a Local Service Cloud, LSC, based service providerproviding service(s) and/or application(s) for the wireless device. Thesystem comprises:

-   a communicating module for obtaining information representing the    identity of the wireless device requesting an application to be    processed by the local cloud based service, and a representation of    an application identity identifying the application;-   a selecting module for selecting, based on the application identity,    a Virtual Machine, VM, as the LSC based service provider suitable to    process the application for the wireless device;-   a constructing module for constructing a traffic filter based on the    information representing the identity of the wireless device, the    representation of the application identity and a representation of    the identity of the selected VM, the traffic filter providing    routing of data between the wireless device and the selected VM.

Embodiments of the proposed technology enables a secure and efficientrouting of data packets between a wireless device and a service providerbased in the Local Service Cloud. Other advantages will be appreciatedwhen reading the detailed description.

BRIEF DESCRIPTION OF THE DRAWINGS

The embodiments, together with further objects and advantages thereof,may best be understood by making reference to the following descriptiontaken together with the accompanying drawings, in which:

FIG. 1 is a schematic illustration of parts of a network and a LocalService Cloud

FIG. 2 is a schematic illustration of the signaling between entitiesaccording to a exemplary embodiment of the proposed technology

FIG. 3 is a flow diagram illustrating a particular embodiment of amethod for constructing a traffic filter according to the proposedtechnology.

FIG. 4 is a flow diagram illustrating another particular embodiment of amethod for constructing a traffic filter according to the proposedtechnology

FIG. 5 is a flow diagram illustrating an embodiment of a method forenabling routing of data packets between a wireless device and a serviceprovider based in the Local Service Cloud, LSC.

FIG. 6 is a flow diagram illustrating an embodiment of a method forrouting data packets between a wireless device and a service providerbased in the Local Service Cloud, LSC.

FIG. 7A is a block diagram illustrating a particular embodiment of asystem configured to construct a traffic filter according to theproposed technology

FIG. 7B is a block diagram illustrating another particular embodiment ofa system configured to construct a traffic filter according to theproposed technology

FIG. 8A is a block diagram illustrating a particular embodiment of anetwork node according to the proposed technology.

FIG. 8B is a block diagram illustrating another particular embodiment ofa network node according to the proposed technology.

FIG. 9B is a block diagram illustrating an embodiment of a system forconstructing a traffic filter together with a computer program productaccording to the proposed technology.

FIG. 10 is a diagram illustrating an embodiment of a system forconstructing a traffic filter according to the proposed technology.

FIG.11 is a flow diagram illustrating an exemplary embodiment of theproposed technology.

DETAILED DESCRIPTION

Throughout the drawings, the same reference designations are used forsimilar or corresponding elements.

For a better understanding of the proposed technology, it may be usefulto begin with a brief overview of the architecture a network and anassociated Local Service Cloud. Reference is made to the particularexample of FIG. 1 that illustrates some features of a network and aLocal Service Cloud.

In this example, where for simplicity the general architecture is basedon LTE technology, there is shown a wireless device 10, a network node20, a Serving Gateway, SGW, 30, a PDN Gateway, PGW, 40 and a LocalService Cloud, LSC, 50.

The SGW 30 provides functionalities in the form of routing andforwarding of user data packets. The PGW provides for connectivitybetween the wireless device, e.g. the UE and external networks, it actsas a network entry point and exit point for the wireless device. Alsodisclosed in FIG.1 is a bearer 11 from the WD to the serving networknode. This bearer might be a Radio Bearer, RB, over which data iscarried from the network node to the wireless device. EPS bearer 12 isalso disclosed, an EPS bearer provides for the possibility to transmittraffic between a WD and a PGW.

A Local Service Cloud, LSC, is essentially a pool of server hardwareand/or virtual machines, VMs, hosting third party services and operatorservices, but that may also be used for transport- and network relatedfeatures such as compression.

The Local Service Cloud 50 might contain a number of actual serviceproviders that is generally denoted by the term Virtual Machines, VMs.These are the actual processing entities that performs the processingwithin the cloud. The VMs could for example be regular processors whoseprocessing functionalities could be used by an external user, such as awireless device.

A possible scenario relevant for the proposed technology isschematically illustrated by means of the signaling diagram given inFIG.2. A wireless device requests the service of having an applicationprocessed by a service provider hosted or situated in the Local ServiceCloud.

According to the proposed technology this request initiates a mechanismwhereby a traffic filter is constructed that enables routing orforwarding of data packets between the wireless device and a serviceprovider based in the LSC. As used in this specification a trafficfilter is a set of rules that directs or routes data packets between awireless device and a service provider hosted by the LSC. Or putdifferently, a functionality that provides routing information orrouting rules that determines how data packets should be routed. Thepresent filter will be described more thoroughly in what follows.

According to an embodiment of the proposed technology it is provided amechanism whereby a request from the wireless device to use cloudfunctionalities will initiate a traffic filter construction that willdetermine how data is to be routed between the wireless device and theservice provider, i.e. a Virtual Machine, VM, based in the LSC.

In FIG.3 there is illustrated an embodiment of a method for constructinga traffic filter enabling routing of data between a wireless device anda Local Service Cloud, LSC, based service provider providing service(s)and/or application(s) for the wireless device. The method comprises:

-   obtaining information representing the identity of the wireless    device requesting an application to be processed by the local cloud    based service, and a representation of an application identity    identifying the application;-   selecting, based on the application identity, a Virtual Machine, VM,    as the LSC based service provider suitable to process the    application for the wireless device;-   constructing a traffic filter based on the information representing    the identity of the wireless device, the representation of the    application identity and a representation of the identity of the    selected VM, the traffic filter providing routing of data between    the wireless device and the selected VM.

The proposed method provides a way for allowing data packet routing ondemand based on the particular application/service the wireless devicehas requested to be processed. Since the applications in general ischosen by the end-user, the chosen applications are not known inadvance. The method therefor enables an end-user based access to thecloud functionalities on demand where a single request from an end-userin the form of a wireless device is used to both select, or assign, aVirtual Machine to process the application and provide data packetrouting between the selected VM and the wireless device.

The proposed method moreover provides for an efficient way ofconstructing a traffic filter. The constructed traffic filter willenable a fast and secure routing of data packets between the wirelessdevice and the selected VM. The proposed method allows, in a specificembodiment, for a construction of an alternative traffic filter that canhandle Internet Protocol routing, or IP-routing, that is, it provides atraffic filter that can handle routing of data between two specified IPaddresses. One identifying the wireless device and the other theselected VM. The constructed traffic filter is however able to providevarious types of traffic filtering or routing, for example over variousbearers such as Radio Bearers, ESPs bearers and Radio Access Bearers,RABs. Examples of such routing types will be described in more detail inwhat follows.

In a particular embodiment of the proposed method is the traffic filterconstructed so that it comprises at least one uplink filter for routingof data from the wireless device to the selected VM and/or at least onedownlink filter for routing of data from the selected VM to the wirelessdevice.

In an example of an embodiment of the proposed method the identity ofthe wireless device may comprise at least one of the IMSI signature ofthe wireless device, the IP address of the wireless device or the MACaddress of the wireless device.

In a possible embodiment of the proposed method is the VM is selected bydetermining conditional constraints optionally restricting the wirelessdevice use of the application and using the determined conditionalconstraints to reduce the number of VMs suitable to process theapplication for the wireless device. If, for example, there are a largenumber of VMs within the LSC that is deemed suitable to process theapplication/service for the wireless device the number of VMs might bereduced if conditional constraints on the wireless device, theapplication and the VMs are taken into consideration. Since a suitableVM should be selected the use of conditional constraints to reduce thenumber of VMs could be advantageous.

It might be possible that, the conditional constraints of the VM, theapplication and the wireless device are so strict that the number ofsuitable VMs are reduced to zero.

The conditional constraints might, in a particular embodiment, compriseconstraints relating to whether the wireless device is authorized to usethe application. If the wireless device is not authorized to use theapplication, no VM will be selected and no a traffic filter will beconstructed. Hence the identity of the application and the particularconstraints on the application and the wireless device are used todetermine whether a VM should be selected and whether a traffic filtershould be constructed.

In still another embodiment of the proposed method the conditionalconstraints could comprises any of the following, or any combination ofthe following:

-   constraints on the maximal limit for delays or packet losses making    particular VMs non-selectable;-   security constraints rendering particular VMs non-selectable;-   geographical access constraints rendering particular VMs    non-selectable;-   constraints on the network load rendering certain VMs    non-selectable;-   constraints on the VM-load rendering certain VMs non-selectable;-   constraints on the latency limits making certain VMs non-selectable.

According to a particular example of the proposed method is the step S2of selecting at least one VM based on information identifying aselection of Virtual Machines, VMs, within the local cloud that aredeemed suitable to process the application for the wireless device.

The VMs contained in this selection of VMs might be VMs where theconditional constraints has been used to determine VMs fulfilling theconditional constraints.

According to a particular embodiment of the proposed method theinformation identifying a selection of VMs is obtained from a TopologyDatabase, TDB, carrying information about existing VMs within the localcloud and information about the deployment of applications.

A Topology Database is a database provided with a topology. The topologyis relational, that is, the topology defines relations between entitieswithin the database, in this way a TDB is more than just arrays of dataentities it also specifies the relations between the data entities. Theconcept of a topology database is well-known and no further descriptionwill be given here. In this particular application the used features ofthe TDB is the entities corresponding to the VMs and the VMs deploymentof applications/services.

It might be preferable to use a topology database that comprises atopology map includes knowledge about unused resources for Storage andCPU of the VMs and also cloud based Traffic engineering algorithms thatcan be used for on-demand selection of suitable VMs to process theapplications.

By way of example, the step S2 of selecting a VM might, in the proposedmethod, comprise extracting at least one VM from the selection of VMs bymeans of at least one Traffic Engineering, TE, algorithm.

By using a TE algorithm it will be possible to distinguish which of theVMs that are preferable to use based on comparison between the outcomesof the TE algorithm performed on individual VMs. Hence the TE algorithmis used to pick out, if not the optional VM, than at least a VM that isdeemed satisfying according to the set criteria's.

In a particular embodiment of the proposed method at least one TEalgorithm is chosen from the following, or any combination of thefollowing:

-   a shortest path algorithm, counting the number of hops among the    VMs, wherein a suitable VM, comprised in the selection of VMs, and    is selected if adhering to a constraint on the number of hops;-   a cost based optimization algorithm wherein a suitable VM, comprised    in the selection of VMs, is selected based on a comparison with a    cost threshold and the actual cost of the processing;-   a priority based optimization algorithm wherein a suitable VM,    comprised in the selection of VMs, is selected based on priority    values assigned to each VM within the local cloud.

By way of example, the step S3 of constructing a traffic filter enablingrouting of data between the wireless device and the selected VM is, in aparticular embodiment of the proposed method, based on informationrepresenting the IP address of the VM.

The method according to the above given embodiment specifies that theinformation that is used to identify the selected VM is the IP addressof the VM. In the particular case where the corresponding informationidentifying the wireless device is the IP address of the wireless devicethe constructed traffic filter will provide for IP-routing of datapackets between the selected VM and the wireless device.

In still another possible embodiment of the method is the step S3 ofconstructing a traffic filter enabling routing of data between thewireless device and the selected VM is based on information representingthe identity of the Virtual Local Area Network, VLAN, hosting theselected VM.

By identifying the VLAN hosting the selected VM it will be possible torout data packets effectively between the wireless device and the VM byrouting in the most suitable way to the VLAN. For example on adesignated bearer such as a particular EPS bearer providing a linkbetween the wireless device and the VLAN. This routing of data packetsto the VLAN might be all that is needed if the VLAN only contains asingle VM, in this case the identity of the VM is uniquely determinedand the data packet routing completely specified.

Since a VLAN however might contain more than a single VM the datarouting needs to be further specified to find the particular selectedVM. The traffic filter might therefore first rout the data packets tothe entry point of the VLAN and upon arrival at the VLAN packets arerouted to the particular VM by means of using the MAC address of theselected VM.

In other words, in still another exemplary embodiment of the proposedmethod is the step of constructing a traffic filter enabling routing ofdata between the wireless device and the selected VM, also based on aMAC address of the selected VM hosted by the VLAN.

In a possible embodiment of the proposed method is the step S3 ofconstructing a traffic filter enabling routing of data between thewireless device and the selected VM based on information representingthe identity of at least one bearer used for routing data packets to thewireless device.

By utilizing information that identifies the bearer of the data packetsin the construction of the traffic filter it is possible to route databetween the wireless device and the selected VM in an efficient waywhere the suitable bearer of data packet is singled out. The trafficfilter might therefor set, as a possible end-destination for the datapackets address, the bearer of data packets that corresponds to eitherthe VM, on the uplink from the wireless device to the VM, or thewireless device, on the downlink from the VM to the wireless device.

In a specific example of the proposed method relating to the above, thestep S3 of constructing a traffic filter also comprises the step S31 ofproviding a mapping between the at least one bearer used for routingdata packets to the wireless device and the selected VM thereby enablingrouting of data packets between the selected VM and the wireless deviceover the connection link defined by the bearer. This embodiment isschematically illustrated in FIG.4.

In other words, the traffic filter is constructed so that a mapping isprovided between the identified bearer and the VM. The traffic filtermight then forward data packets from the wireless device to the VM onthe uplink by identifying the bearer and using the provided mapping tosingle out the selected VM. The same could also be done on the downlink,that is, data packets from the VM could be forwarded to the wirelessdevice over an identified bearer. If this particular bearer is not thesingle bearer of data packets to the wireless device, the method forconstructing a traffic filter might comprise to provide a mappingbetween the identified bearer and the wireless device.

To construct a traffic filter that identifies the bearers isadvantageous when the communication is viewed from the perspective ofthe user plane. This point of view will be described more below inrelation to the use of a constructed traffic filter in the user plane.

In still another exemplary embodiment of the proposed method, the stepS3 of constructing a traffic filter further comprises to determine theat least one bearer to be used for routing data packets from the VM tothe wireless device.

In other words, the traffic filter determines the suitable bearer ofdata packets and forward the data packets on the determined bearer. Incase the bearer does not uniquely identify the wireless device or theVM, the provided mappings between the bearer and the VM or wirelessdevice can be used to forward the data packets to the end address.

In particular embodiments of the proposed method, the at least onebearer used to route data packets to the wireless device is at least oneof: a Radio Bearer, RB, an EPS bearer or a Radio Access Bearer, RAB.

As a specific non-limiting example, suppose that a RB has beenidentified and the identity of the RB been used to construct the trafficfilter. This particular RB would receive data packets forwarded from theselected VM with end destination the wireless device. If the concernedRB is the single RB serving the wireless device, that is, the RBprovides the relevant radio link for the wireless device, than theinclusion of this identified RB into the traffic filter is enough tonon-ambiguously forward data packets to the wireless device. On theother hand if the wireless device has several established RBs, a mappingbetween the wireless device and the RBs might be included so that thecorrect RB is singled out.

The same mechanism could also be used on the uplink. That is, if abearer of data packets to the VM is identified, the inclusion of thisbearer identity in the traffic filter could, in case there is a one toone correspondence between the VM and the bearer be enough to uniquelyspecify the VM. The traffic filter therefor enables data packets to berouted to the VM from the wireless device on the uplink by identifyingthe VM by means of identifying the bearer. Yet again a mapping betweenthe VM and the bearers may be used in the case with several establishedbearers. In other words, if a VM have several established bearers thetraffic filter could comprise a mapping relating the bearers to the VM.

To provide a better understanding of the proposed technology a fewnon-limiting examples will be described. The examples are merelyintended to facilitate the understanding of the concepts behind theproposed technology and should not in any way be construed aslimitations of the proposed technology.

The intention of the following example is to provide a simplifiedexample of how the proposed method for constructing a traffic filter isused in a particular scenario. The particular scenario relates to asituation with a single wireless device, having a single establishedRadio Bearer, RB, and where the selected VM is the single entity of aVirtual Local Area Network, VLAN.

A request to have an application processed by the LSC is obtained Sifrom a wireless device. The request comprises two identities, or certainrepresentations of the identities, a user-identity, providing anexplicit or implicit identification the wireless device, and anapplication identity. The former identity could in the present case beimplicitly represented by the RB since there is a single established RBfor the wireless device. The latter identity provides an identificationof the particular application the wireless device wants to be processedin the LSC. The application identity, Application-ID, might be a pointerthat refers to a specific application type or to an explicit URL or to atext-string that can be matched to an application. Many examples ofidentifier could be used and the mentioned ones are merely specificexamples.

In step S2 a Virtual Machine, VM, based in the LSC is selected. The VMis selected in order to provide the application processing service. Theparticular selection could for example be based on whether the user orthe wireless device is authorized to use the application. This could bedetermined by means of checking whether the application ID is part of alist of authorized applications. If the user/wireless device is notauthorized to use the application, the request is denied and a rejectionresponse may optionally be returned to the actor.

If however it is determined that the user/wireless device is authorizedto use the application, the selection procedure continues by collectingpossible conditional constraints that is associated with theapplication. These conditional constraints are, together with the theapplication ID, relayed or sent to a database such as a TopologyDatabase, TDB. The purpose is to obtain, from the TDB, a selection ofone or more suitable service providers, i.e., VMs within the LSC. Theselection of suitable service providers is therefor, in this particularexample, obtained from the TDB.

The functionality of the TDB is to use the relayed application ID andconditional constraints to select a list or a selection of suitable VMsbased in the LSC. The topology database might extract the selection ofVMs based on a single one of the following selection criteria, or anycombination of the following selection criteria:

-   A selection of VMs in the LSC that are able to process the    application. This can be determined based on the relayed application    ID.-   Traffic engineering (TE) algorithms that utilize the relayed    conditional constraints in order to select the VMs. Different    optimization algorithms can then be used to single out a suitable    selection, the following TE-algorithms could be used alone or in any    possible combination:-   Shortest path to the VM counted in the number of hops among the VMs    that fulfill the constraints.-   Cost based decision. Instead of using strict binary decision of the    constraints that might be for example thresholds, it is possible to    calculate the difference between the actual value and the thresholds    and apply a cost function to the difference values. The resulting    cost can then be compared to a threshold to make the binary    decisions.-   Priority based decision. In this particular case a priority is    assigned to a VM based on the conditional constraints. For example    by providing a particular priority to the VMs based on whether or    not they are fulfilling a particular number of constraints. The    priorities assigned to the VMs might then be used to extract VMs    suitable for processing the application.

In the end a particular VM is selected for processing the requestedapplication.

Based on the selected VM a traffic filter is constructed S3 that enablesrouting of data packets between the user/wireless device and theselected VM. In this particular example at hand the constructed trafficfilter comprises a representation of the identity of the wirelessdevice. In the case at hand this identity could either be explicit, byproviding for example the IMSI OR the IP address of the wireless device,or implicit by providing an identity of the single established RB. Theidentity of the RB will in this case uniquely determine the wirelessdevice. As has been explained earlier, if the wireless device hadseveral established RBs, the traffic filter may comprise a mappingbetween RBs and the wireless device. The IP address of the wirelessdevice or the identity of the RB forms part of downlink section of thetraffic filter. On the uplink section an identity singling out the VLANcould be used. Since there is only a single VM hosted in the VLAN, theidentity of the VLAN will uniquely specify the VM, conversely theidentity of the VM, for example its IP address will uniquely specify theVLAN in which the VM is hosted. If there was instead a number of VMshosted by the VLAN than further information specifying the VM could beused. For example the IP address or the MAC address of the VM.

A traffic filter is thereby constructed that enables data packets to berouted between the selected VM and the wireless device. Since thetraffic filter comprises both a UL section and a DL section it enablesrouting of data packets to the VM, from the wireless device, as well asto the wireless device from the VM.

Having described in detail the method for constructing a traffic filterenabling routing of data between a wireless device and a Local ServiceCloud, LSC, based service provider. The following will be related to howsuch a traffic filter can be used in the user plane, or equivalently onthe data plane or bearer plane. In particular it relates to how anetwork node is able to utilize such a traffic filter to enable routingof data between a wireless device and a Local Service Cloud, LSC, basedservice provider.

A particular issue at hand is that only selected parts of the trafficfrom a wireless device should be routed or, equivalently, directed tothe LSC. In order to break out the relevant data packets to be routed tothe LSC and to avoid breaking out data packets not intended to be brokenout it is proposed a deployment of a Local Break-Out function, LBOfunction, that is dynamically configured to break out and/or break inthe relevant data packets and route or direct the data packets betweenthe LSC to the correct wireless device and/or bearer. The routing ofdata packets may be performed with a traffic filter according to whathas been described earlier. The proposed technology addresses thedeployment of such a LBO function.

Before providing concrete embodiments of the proposed technology anoverview will be given that provide a conceptually geared description ofthe proposed technology that also highlights how the earlier describedtraffic filter is used.

The proposed operation of the network node is based on having LBOfunctions installed. The functionality of these LBO functions is togovern which traffic that should be broken out of a traffic flow andalso inserted into a traffic flow. The LBO function for an applicationflow comprises a traffic filter as described earlier providing a mappingbetween the VM and the established bearer, for example an EPS bearer andthe VLAN associated to the VM selected to process the application. Inthe uplink UL the LBO function selects the data packets to be broken outand the traffic filter that provides a mapping between, e.g. the EPSbearer and the VLAN, governs which VLAN, and implicitly by means of, forexample the MAC address of the VM, which VM the LBO function willforward the broken out packet to. In the downlink, DL, the LBO functionmay use a traffic filter that determine the particular radio bearer onwhich to forward a packet from the LSC, for example by means of aVM-bearer mapping, e.g., a VLAN-EPS bearer mapping.

Such an LBO function is suitable to handle a single traffic flow, thatis, for a flow related to a single interaction between a wireless deviceand a VM that processes a single application in the LSC. If a wirelessdevice has multiple simultaneous traffic flows that are broken out tothe LSC, that is, in the case that the wireless device is interactingwith multiple applications processed in the LSC, there could be an LBOfunction for each traffic flow. Moreover, if a wireless device hasmultiple simultaneous traffic flows, all of which are using the same IPaddress identifying the wireless device, which are broken out toapplications running on the same VM in the LSC, and if the wirelessdevice uses different radio bearers for the concerned traffic flows,then each LBO function also has to identify the data packets in the DL,so that different DL traffic flows are correctly forwarded on theirrespective radio bearer.

With this conceptual description at hand reference is now made to FIG. 5where it is schematically shown a flow diagram illustrating anembodiment of a method for enabling routing of data packets between awireless device in a cellular communication network and a Local ServiceCloud, LSC, based service provider providing service(s) and/orapplication(s) for the wireless device. The method comprises the stepsof:

-   installing S100 a Local Break-Out, LBO, function in a network node    serving the wireless device, the LBO function comprising a traffic    filter, constructed according to what has been described above,    enabling routing of data packets between the Local Service Cloud    based service provider and the wireless device; and-   configuring S200 the LBO function in the network node to select,    also referred to as break out, data packets from the wireless device    to be directed to the Local Service Cloud based service provider by    means of the traffic filter, constructed according to what has been    described above, and insert, also referred to as break in, data    packets from the Local Service Cloud based service provider into a    packet flow to be carried by the bearer and to be routed to the    wireless device by means of the traffic filter.

The proposed technology provides a way of creating and deploying LocalBreak-Out functionality that enables a network node to both break outthe relevant data packets to the LSC and to insert/break in the relevantdata packets from the LSC. The corresponding data packets can then bedirected to their final destination by means of a traffic filteraccording to what has been described earlier. This functionality canhandle multiple traffic flows as well as multiple bearers associatedwith the same wireless device.

In an optional embodiment of the proposed method, the step ofconfiguring S200 the LBO function is triggered based on a Domain NameServer, DNS, query for an application or service hosted by the LSC.

This optional embodiment provides for a fully dynamical approach basedon a local DNS proxy in LSC. When a wireless device initially attachesto a network, i.e., by means of an attach procedure, the core networkconfigures the wireless device with, among other parameters, the IPaddress of the particular DNS server that the wireless device isexpected to transmit its DNS queries to. This in accordance with regularstandards and procedures.

In a particular exemplary embodiment, the LBO function in each networknode might be configured with a static LBO function in order to breakoutDNS queries from wireless devices and direct these to the DNS proxy inthe LSC. This static LBO function might contain a traffic filtermatching the DNS queries and an identifier of the VLAN that leads to theVM on which the DNS proxy is running. The traffic filter may comprisethe DNS server IP address that the core network has configured thewireless device with, this could be assumed to be the same for allwireless devices, or the default port number for DNS queries or both ofthese in combination. A specific embodiment might only include the DNSquery default port, which also allows arbitrary DNS server IP addresses.Such a described static LBO function could be complemented with a moredynamic part that handles the part where a DNS query is intercepted andredirected to the LSC. The dynamic part might comprise of the IP addressof the wireless device and a downlink, DL, mapping from, e.g. the VLANto the EPS bearer on which the DNS query was sent.

If the DNS proxy is unable to respond to the query, for example due tothe fact that the query does not concern an application that issupported in the LSC, it may forward the query to the originallyaddressed DNS server. The DNS proxy is transparent in the sense that itspresence is not noticeable for the wireless device. The DNS proxy doesnot have its own IP address. It accepts any destination IP address inthe query, a fact that enables it to process DNS queries originallyaddressed to any DNS server IP address. When the DSN proxy responds to aquery, with the IP address of a selected VM processing the applicationin the LSC, it uses the destination IP address of the query as thesource IP address in the response. When the DNS proxy forwards a query,it keeps the IP address of the wireless device as the source address andthe IP address of the originally addressed DSN server as the destinationaddress. That is, it forwards the original DNS query, including the IPpacket that carries it, unmodified.

In still another particular embodiment is the LBO function adapted tointercept the DNS query and direct the query to a local DNS proxy in theLSC and adapted to receive, from the local DNS proxy, LBO functioninformation for an expected traffic flow of the application or service,and wherein the LBO function is configured for the expected packet flowbased on the LBO function information.

In the case that the DNS proxy finds that the application a DNS querypertains to is supported in the LSC, a LBO function for the expectedtraffic flows of the concerned application could be established. The DNSproxy could for example contribute to the traffic filter of the LBOfunction by providing as input, for example, the application server IP,i.e., the IP address of the selected VM processing the application, theIP address of the wireless device and an application identity.Functionality associated with the LBO function and/or the LSC, e.g. LSCorchestration functionality, may interact with the DNS proxy to selectthe VM to be used, e.g. in case the same application is processed bymultiple VMs based in the LSC. When the VM has been selected, abearer-VM mapping, e.g., a VLAN-EPS bearer mapping can be set. Forexample relating the VLAN associated with the selected VM with the EPSbearer that the DNS query was sent on. In case the wireless device hasmultiple EPS bearers it is possible to initially establish the LBOfunction, including a VM-bearer mapping, e.g., a VLAN-EPS bearermapping, for each of the wireless device EPS bearers. When the firstapplication data packet flow arrives at the LBO function, i.e. when thefirst packet matches the traffic filter of one of the LBO functions,this is seen as an indication of which bearer, e.g. EPS bearer, that isused and consequently the LBO function(s) associated with the other EPSbearer(s) can be deleted. For the last part of the LBO function the DNSproxy or the functionality associated with the LBO function and/or theLSC, such as the LSC orchestration functionality, or this functionalityin cooperation with the DNS proxy, provides the transport protocol andapplication port number to the traffic filter(s) of the LBO function ifthis is needed in order to separate multiple traffic flows from the samewireless device.

To further facilitate the understanding of the proposed method aconcrete example will be given in the context of an Evolved PacketSystem, EPS/Long Term Evolution, LTE, cellular network. Even though thisexample is described using terms and concepts of an EPS/LTE cellularnetwork, it should be pointed out that the principles of the proposedtechnology could equally well be applied to cases where the cellularnetworks are based on other standards, such as a Universal MobileTelecommunications System, UMTS, Wideband Code Division Multiple Access,WCDMA, and High Speed Packet Access, HSPA.

In the case of an LTE network the LBO function might also, on thedownlink, utilize a mapping that relates the contents of a downlinkpacket to the User Equipment context, UE context in the eNodeB. The UEcontext comprises data primarily related to the bearers of theUE/wireless device including data providing the identities ofestablished bearers for the UE/wireless device. In addition the UEcontext comprises, for example, identifiers for the signaling connectionbetween the eNodeB and the Mobility Management Entity, MME, used forsignaling related to the UE. This signaling connection is also referredto as a S1 connection. The UE context could moreover also comprise usersubscription related information.

The following identifiers of the bearers may be derived from the contentof the UE context and used to identify the EPS bearers in the VLAN-EPSbearer mapping describe earlier:

-   Radio bearer ID, providing a unique ID for one UE within one eNodeB-   EPS bearer ID providing a unique ID for one UE-   Extended EPS bearer ID, an ID that will be defined below

If the wireless device, or equivalently the User Equipment, UE, has asingle established radio bearer, that is, a single data radio bearer,than the VLAN-EPS bearer mapping described earlier is redundant in thedownlink, DL. That is because of the fact that the destination IPaddress of the packet, that is, the IP address of the UE and the mappingto the UE context, i.e. a reference to the UE context, is enough tosingle out the radio bearer to use since it is the only radio bearerincluded in the UE context.

Since the bearer is associated with the UE context, the UE context mightbe identified based on the bearer of a broken-out uplink, UL, packetthat is subject to local breakout. This could, for example, be the firstUL packet that matches the traffic filter in the LBO function for theconcerned application flow or, as an alternative, the UL packetcontaining the DNS query that triggered the LBO function creation.

An identifier that might be used to identify the EPS bearer in theVLAN-EPS bearer mapping could be a particular type of ID that in thepresent disclosure is referred to as an Extended EPS bearer ID. AnExtended EPS bearer ID consists of a combination of threeidentifiers: 1) the MME UE S1AP ID, 2) the EPS bearer ID, 3) either theGlobally Unique Mobility Management Entity Identifier, GUMMEI or the IPaddress of a Mobility Management Entity MME. The combination provides anidentifier that is globally unique.

The MME UE S1AP ID given above is a well-defined ID within the technicalfield that can be used to provide an identification of a UE, or moreprecisely, an identification of the MME side of a signalling connectionbetween an eNodeB and a MME for signalling pertaining to a certain UE,the signalling connection is also referred to as a S1 connection. TheGUMMEI is a globally unique ID and so is the MME IP address unless theoperator uses private IP addresses for its MMEs. In the latter case itmight be preferred to use the GUMMEI.

Since the Extended EPS bearer ID includes a reference to the UE context,by means of the MME UE S1AP ID combined with either the GUMMEI or theMME IP address, this reference may serve to map the DL packets that, forexample, has been identified by the IP address of the UE to the UEcontext. In this case no additional UE context mapping references isneeded in the LBO function and they can therefor optionally be omitted.

The above described LBO function is enough to handle a single trafficflow, i.e. essentially a single UE's interaction with a singleapplication in the LSC. If a UE has multiple simultaneous traffic flowsthat are broken out to the LSC, e.g. interacting with multiple LSCapplications, there might be an LBO function for each traffic flow.Moreover, if a UE has multiple simultaneous traffic flows, all using thesame UE IP address, that are broken out to applications running on thesame VM in the LSC, for example interacting with multiple LSCapplications hosted on the same VM or using different traffic flowstowards the same application and the UE uses different radio bearers forthe concerned traffic flows, then each LBO function might also include atraffic filter to identify the packets in the DL, so that the differentDL traffic flows are correctly forwarded on their respective radiobearer. As long as only a single VM per VLAN is possible, the DL packetfilter need only to contain the transport protocol and the source anddestination port numbers to distinguish the different DL applicationflows to the same UE, but if multiple VMs can be hosted by the sameVLAN, then the source IP address, i.e. the VM IP address, could also beincluded in the DL packet filter. Another optional feature is that theDL traffic filter could be omitted for one of the LBO functions, whichwould mean that DL packets from the LSC which do not match the trafficfilter of any of the other LBO functions for the same UE would begoverned by the LBO function without traffic filter.

Hence, in the general case a LBO function consists of an UL packetfilter, a DL packet filter, a VLAN-EPS bearer mapping and might alsocontain a reference to the UE context. The latter may be integrated withthe Extended EPS bearer ID if that particular ID is used in the VLAN-EPSbearer mapping. The UE IP address might also be used to forward DLpackets to the correct UE.

A particular example of how a LBO function can be established isprovided in the flow diagram of FIG.11. In FIG.11 the following isillustrated:

-   A DNS query is detected for an application that can be processed    within the Local Service Cloud.-   The application ID is obtained from the detected DNS query.-   The IP address of the wireless device is obtained, for example from    the source address of the IP packet that carries the DNS query.-   An optional step of obtaining LSC constraints might be performed, it    is also possible to check whether it is suitable to process the    application in the LSC, if deemed not suitable the process can be    terminated.-   A VM belonging to a VLAN is selected based on the ID of the    application and optionally on the LSC constraints, if such    constraints were obtained. That is, the application ID and possibly    the LSC constraints are used to select a VM and a VLAN associated to    the VM.-   A traffic filter is constructed. The selected VM constitutes the    uplink, UL, destination or the downlink, DL, source. The uplink, UL,    traffic filter comprises the IP address of the destination and,    optionally, a transport protocol and the port number of the    destination. The downlink, DL, traffic filter comprises the IP    address of the destination, that is the IP address of the wireless    device, and might optionally comprise the IP address of the source    and optionally also the transport protocol and/or the port number of    the source.-   A bearer ID is obtained, the bearer ID is in this particular example    an Extended EPS bearer ID as described earlier. In the case where    the bearer ID is different from an Extended EPS bearer ID this    particular step might also comprise to obtain a separate UE context    reference in order to identify the particular bearer. This feature    is however not necessary in the case an Extended EPS bearer ID is    used since the Extended EPS bearer ID already includes a UE context    reference.-   The LBO function is compiled. The LBO function comprises UL and DL    traffic filters, information about VLAN and the bearer ID, e.g., the    Extended EPS bearer ID. As mentioned above, in the particular    example of FIG. 11, the IP address of the wireless device is a part    of the DL traffic filter, another option might however to keep it as    a separate item in the LBO function.-   Having compiled the LBO function, the LBO function is ready to be    installed in a network node.

Reference is now made to FIG. 6 where there is disclosed a method forrouting data packets between a wireless device in a cellularcommunication network and a Local Service Cloud, LSC, based serviceprovider providing service(s) and/or application(s) for the wirelessdevice, wherein the method is performed by a network node serving thewireless device in the cellular communication network. The methodcomprises the steps of:

-   selecting S110, also referred to as breaking out, data packets from    the wireless device to be routed to the LSC based service provider;    and-   inserting S120, also referred to as breaking in, data packets from    the LSC based provider into a packet flow to be routed to the    wireless device,

wherein the data packets are routed by means of a traffic filterconstructed according to what has been described above.

In a possible embodiment of the proposed method, the network node breaksout packets from the wireless device to be directed to the LSC basedservice provider and breaks in packets from the LSC based serviceprovider to be directed to the wireless device between a radio interfacepart and a non-radio interface part of a bearer associated with thewireless device.

In another possible embodiment of the proposed method the LSC basedservice provider is based on at least one Virtual Machine, VM, each VMbeing associated with an individual Virtual Local Area Network, VLAN,and the network node controls on which VLAN the selected packets are tobe forwarded to the corresponding VM on which the application or serviceis running, based on a bearer-VLAN mapping providing a mapping between abearer for the wireless device and the VLAN to the VM on which theapplication or service is running.

In a particular embodiment of the proposed method the network node alsocontrols on which radio bearer packets are to be forwarded from the LSCbased service provider to the wireless device.

By way of example, in the proposed method the network node intercepts aDomain Name Server, DNS, query for an application or service hosted bythe LSC based service provider and directs the query to a local DNSproxy in the LSC based service provider and receives, from the local DNSproxy, information for enabling the node to control the breaking outand/or breaking in of packets belonging to an expected traffic flowrelated to the application.

The proposed technology also provide a system for constructing a trafficfilter as described in the description. FIG. 7A illustratesschematically an exemplary embodiment of such a system. FIG. 7A shows asystem 100 comprising a processor 122 and a memory 124 that isconfigured to construct a traffic filter enabling routing of databetween a wireless device and a Local Service Cloud, LSC, based serviceprovider providing service(s) and/or application(s) for the wirelessdevice. The system is configured to obtain information representing theidentity of the wireless device requesting an application to beprocessed by the local cloud based service, and a representation of anapplication identity identifying the application. The system is alsoconfigured to select, based on the application identity, a VirtualMachine, VM, as the LSC based service provider suitable to process theapplication for the wireless device. The system is furthermoreconfigured to construct a traffic filter based on the informationrepresenting the identity of the wireless device, the representation ofthe application identity and a representation of the identity of theselected VM, the traffic filter providing routing of data between thewireless device and the selected VM.

In a particular embodiment of the system is the system is configured toconstruct a traffic filter comprising at least one uplink filter forrouting of data from the wireless device to the selected VM and/or atleast one downlink filter for routing of data from the selected VM tothe wireless device.

In yet another embodiment of the system is the system configured toobtain the identity of the wireless device by obtaining at least one ofthe IMSI signature of the wireless device, the IP address of thewireless device or the MAC address of the wireless device.

In still another embodiment of the system is the system configured toselect the VM by determining conditional constraints optionallyrestricting the wireless device use of the application and using thedetermined conditional constraints to reduce the number of VMs suitableto process the application for the wireless device.

By way of example, a possible embodiment of the system provides a systemthat is configured to select the VM based on conditional constraintsthat comprises constraints relating to whether the wireless device isauthorized to use the application.

A particular embodiment of the system provides a system that isconfigured to select the VM based on conditional constraints thatcomprises any of the following, or any combination of the following:

-   constraints on the maximal limit for delays or packet losses;-   security constraints rendering particular VMs non-selectable;-   geographical access constraints rendering particular VMs    non-selectable;-   constraints on the network load rendering certain VMs    non-selectable;-   constraints on the VM-load rendering certain VMs non-selectable;-   constraints on the latency limits making certain VMs non-selectable.

A possible example of an embodiment of the system provides a system thatis configured to select at least one VM based on information identifyinga selection of Virtual Machines, VMs, within the local cloud that aredeemed suitable to process the application for the wireless device.

An optional embodiment of a system provides a system that is configuredto obtain the information identifying a selection of VMs from a TopologyData Base, TDB, carrying information about existing VMs within the localcloud and information about the deployment of applications.

A possible embodiment of a system according to the proposed technologyprovides a system that is configured to select a VM by extracting atleast one VM from the selection of VMs by means of at least one TrafficEngineering, TE, algorithm.

An optional embodiment of a system provides a system that is configuredto extract at least on VM based on at least one TE algorithm comprisingany of the following, or any combination of the following:

-   a shortest path algorithm, counting the number of hops among the    VMs, wherein a suitable VM, comprised in the selection of VMs, and    is selected if adhering to a constraint on the number of hops;-   a cost based optimization algorithm wherein a suitable VM, comprised    in the selection of VMs, is selected based on a comparison with a    cost threshold and the actual cost of the processing;-   a priority based optimization algorithm wherein a suitable VM,    comprised in the selection of VMs, is selected based on priority    values assigned to each VM within the local cloud.

In an optional embodiment is the system configured to construct atraffic filter enabling routing of data between the wireless device andthe selected VM based on information representing the IP address of theVM.

In a particular embodiment of a system is the system configured toconstruct a traffic filter enabling routing of data between the wirelessdevice and the selected VM based on information representing theidentity of the Virtual Local Area Network, VLAN, hosting the selectedVM.

An optional variant of a system provides a system that is configured toconstruct a traffic filter enabling routing of data between the wirelessdevice and the selected VM, also based on a MAC address of the selectedVM hosted by the VLAN.

By way of example, a possible embodiment provides a system that isconfigured to construct a traffic filter enabling routing of databetween the wireless device and the selected VM based on informationrepresenting the identity of at least one bearer used for routing datapackets to the wireless device.

Still another embodiment of a system provides for a system that isconfigured to construct a traffic filter by also providing a mappingbetween the at least one bearer used for routing data packets to thewireless device and the selected VM thereby enabling routing of datapackets between the selected VM and the wireless device over theconnection link defined by the bearer.

In an optional embodiment is the system configured to construct atraffic filter by determining the at least one bearer to be used forrouting data packets from the VM to the wireless device.

A specific example of an embodiment provides a system that is configuredto construct a traffic filter by determining at least one bearer used toroute data packets to the wireless device, the bearer being at least oneof: a Radio Bearer, RB, an EPS bearer or a Radio Access Bearer.

In a particular embodiment of the system, illustrated in FIG.7A, it isprovided a system that comprises a processor 122 and a memory 124, thememory 124 comprising instructions executable by the processor 122,whereby the processor 122 is operative to construct the traffic filter.

Still another particular embodiment of the system is illustrated inFIG.7B and provides a system that comprises communication circuitry 110configured to obtain information representing the identity of thewireless device requesting an application to be processed by the localcloud based service, and a representation of an application identityidentifying the application.

The proposed technology also provides a network node 150, serving awireless device in a cellular communication network. The network node isconfigured to enable routing of data packets between the wireless deviceand a Local Service Cloud, LSC, based service provider providingservice(s) and/or application(s) for the wireless device. The networknode comprises an installed Local Break-Out, LBO, function, configuredto select, also referred to as break out, data packets from the wirelessdevice to be directed to the Local Service Cloud based service providerby means of a traffic filter and insert, also referred to as break in,data packets from the Local Service Cloud based service provider into apacket flow to be carried by the bearer and to be routed to the wirelessdevice by means of a traffic filter. The LBO function comprises atraffic filter that is constructed by the above described system, andwhich enables routing of data packets between the Local Service Cloudbased service provider and the wireless device. An embodiment of such anetwork node is schematically illustrated in the block diagram of FIG.8A.

In a particular embodiment of the network node is the LBO functionconfigured to trigger based on a Domain Name Server, DNS, query for anapplication or service hosted by the LSC.

In a possible embodiment of the network node is the LBO functionconfigured to intercept the DNS query and direct the query to a localDNS proxy in the LSC and configured to receive, from the local DNSproxy, LBO function information for an expected traffic flow of theapplication or service, and wherein the LBO function is configured forthe expected packet flow based on the LBO function information.

The proposed technology also provides a network node 150, serving awireless device in the cellular communication network, and configuredfor routing data packets between a wireless device in a cellularcommunication network and a Local Service Cloud, LSC, based serviceprovider providing service(s) and/or application(s) for the wirelessdevice. The network node is configured to select, also referred to asbreaking out, data packets from the wireless device to be routed to theLSC based service provider. The network node is also configured toinsert, also referred to as breaking in, data packets from the LSC basedprovider into a packet flow to be routed to the wireless device by meansof a traffic filter constructed by the described system.

A particular example of a network node according to the proposedtechnology provides a network node that is configured to break outpackets from the wireless device to be directed to the LSC based serviceprovider and break in packets from the LSC based service provider to bedirected to the wireless device between a radio interface part and anon-radio interface part of a bearer associated with the wirelessdevice.

In a possible embodiment of the proposed network node is the LSC basedservice provider based on at least one Virtual Machine, VM, each VMbeing associated with an individual Virtual Local Area Network, VLAN.The network node controls on which VLAN the selected packets are to beforwarded to the corresponding VM on which the application or service isrunning, based on a bearer-VLAN mapping providing a mapping between abearer for the wireless device and the VLAN to the VM on which theapplication or service is running.

In an optional embodiment of the network node, the network node alsocontrols on which radio bearer packets are to be forwarded from the LSCbased service provider to the wireless device.

By way of example, a possible embodiment of the proposed network nodeprovides a network node that is configured to intercept a Domain NameServer, DNS, query for an application or service hosted by the LSC basedservice provider and wherein the network node is configured direct thequery to a local DNS proxy in the LSC based service provider and whereinthe network node is configured to receive, from the local DNS proxy,information for enabling the network node to control the breaking outand/or breaking in of packets belonging to an expected traffic flowrelated to the application.

A particular embodiment of the proposed network node provides a networknode that comprises a processor 220 and a memory 230, the memory 230comprising instructions executable by the processor 220, whereby theprocessor 220 is operative to rout data packets between a wirelessdevice in a cellular communication network and a Local Service Cloud,LSC, based service provider providing service(s) and/or application(s)for the wireless device. A schematic illustration of an embodiment ofsuch network node is given in FIG. 8A.

In still another particular embodiment illustrated in FIG. 8B, thenetwork node also comprises communication circuitry 210 configured toobtain information enabling the network node to rout data packetsbetween a wireless device in a cellular communication network and aLocal Service Cloud, LSC, based service provider providing service(s)and/or application(s) for the wireless device.

As used herein, the non-limiting terms “User Equipment” and “wirelessdevice” may refer to a mobile phone, a cellular phone, a PersonalDigital Assistant, PDA, equipped with radio communication capabilities,a smart phone, a laptop or Personal Computer, PC, equipped with aninternal or external mobile broadband modem, a tablet PC with radiocommunication capabilities, a target device, a device to device UE, amachine type UE or UE capable of machine to machine communication, iPAD,customer premises equipment, CPE, laptop embedded equipment, LEE, laptopmounted equipment, LME, USB dongle, a portable electronic radiocommunication device, a sensor device equipped with radio communicationcapabilities or the like. In particular, the term “UE” and the term“wireless device” should be interpreted as non-limiting terms comprisingany type of wireless device communicating with a radio network node in acellular or mobile communication system or any device equipped withradio circuitry for wireless communication according to any relevantstandard for communication within a cellular or mobile communicationsystem.

As used herein, the non-limiting term “network node” may refer to basestations, network control nodes such as network controllers, radionetwork controllers, base station controllers, and the like. Inparticular, the term “base station” may encompass different types ofradio base stations including standardized base stations such as NodeBs, or evolved Node Bs, eNBs, and also macro/micro/pico radio basestations, home base stations, also known as femto base stations, relaynodes, repeaters, radio access points, base transceiver stations, BTSs,and even radio control nodes controlling one or more Remote Radio Units,RRUs, or the like.

The network node and the system may also include radio circuitry forcommunication with one or more other nodes, including transmittingand/or receiving information.

It will be appreciated that the methods and devices described herein canbe combined and re-arranged in a variety of ways.

For example, embodiments may be implemented in hardware, or in softwarefor execution by suitable processing circuitry, or a combinationthereof.

The steps, functions, procedures, modules and/or blocks described hereinmay be implemented in hardware using any conventional technology, suchas discrete circuit or integrated circuit technology, including bothgeneral-purpose electronic circuitry and application-specific circuitry.

Particular examples include one or more suitably configured digitalsignal processors and other known electronic circuits, e.g. discretelogic gates interconnected to perform a specialized function, orApplication Specific Integrated Circuits (ASICs).

Alternatively, at least some of the steps, functions, procedures,modules and/or blocks described herein may be implemented in softwaresuch as a computer program for execution by suitable processingcircuitry such as one or more processors or processing units.

The proposed technology also provides a computer program 125 comprisinginstructions, which when executed by at least one processor, cause theprocessor(s) to:

-   read information representing the identity of the wireless device    requesting an application to be processed by the local cloud based    service, and a representation of an application identity identifying    the application;-   select based on the application identity, a Virtual Machine, VM, as    the LSC based service provider suitable to process the application    for the wireless device ;-   construct a traffic filter based on the information representing the    identity of the wireless device, the representation of the    application identity and a representation of the identity of the    selected VM, the traffic filter providing routing of data between    the wireless device and the selected VM.

The use of such a computer program is illustrated schematically in FIG.9.

By way of example, the software or computer program may be realized as acomputer program product, which is normally carried or stored on acomputer-readable medium. The computer-readable medium may include oneor more removable or non-removable memory devices including, but notlimited to a Read-Only Memory (ROM), a Random Access Memory (RAM), aCompact Disc (CD), a Digital Versatile Disc (DVD), a Blueray disc, aUniversal Serial Bus (USB) memory, a Hard Disk Drive (HDD) storagedevice, a flash memory, a magnetic tape, or any other conventionalmemory device. The computer program may thus be loaded into theoperating memory of a computer or equivalent processing device forexecution by the processing circuitry thereof.

The proposed technology also provides a carrier comprising the computerprogram, wherein the carrier is one of an electronic signal, an opticalsignal, an electromagnetic signal, a magnetic signal, an electricsignal, a radio signal, a microwave signal, or a computer-readablestorage medium 145.

Examples of processing circuitry includes, but is not limited to, one ormore microprocessors, one or more Digital Signal Processors (DSPs), oneor more Central Processing Units (CPUs), video acceleration hardware,and/or any suitable programmable logic circuitry such as one or moreField Programmable Gate Arrays (FPGAs), or one or more ProgrammableLogic Controllers (PLCs).

It should also be understood that it may be possible to re-use thegeneral processing capabilities of any conventional device or unit inwhich the proposed technology is implemented. It may also be possible tore-use existing software, e.g. by reprogramming of the existing softwareor by adding new software components.

In this particular example, at least some of the steps, functions,procedures, modules and/or blocks described herein are implemented in acomputer program, which is loaded into the memory for execution byprocessing circuitry including one or more processors. The processor(s)and memory are interconnected to each other to enable normal softwareexecution. An optional input/output device may also be interconnected tothe processor(s) and/or the memory to enable input and/or output ofrelevant data such as input parameter(s) and/or resulting outputparameter(s).

The term ‘processor’ should be interpreted in a general sense as anysystem or device capable of executing program code or computer programinstructions to perform a particular processing, determining orcomputing task.

The processing circuitry including one or more processors is thusconfigured to perform, when executing the computer program, well-definedprocessing tasks such as those described herein.

The processing circuitry does not have to be dedicated to only executethe above-described steps, functions, procedure and/or blocks, but mayalso execute other tasks.

By way of example, the software or computer program may be realized as acomputer program product, which is normally carried or stored on acomputer-readable medium. The computer-readable medium may include oneor more removable or non-removable memory devices including, but notlimited to a Read-Only Memory (ROM), a Random Access Memory (RAM), aCompact Disc (CD), a Digital Versatile Disc (DVD), a Blueray disc, aUniversal Serial Bus (USB) memory, a Hard Disk Drive (HDD) storagedevice, a flash memory, a magnetic tape, or any other conventionalmemory device. The computer program may thus be loaded into theoperating memory of a computer or equivalent processing device forexecution by the processing circuitry thereof.

The flow diagram or diagrams presented herein may therefore be regardedas a computer flow diagram or diagrams, when performed by one or moreprocessors. A corresponding system or network node may be defined as agroup of function modules, where each step performed by the processorcorresponds to a function module. In this case, the function modules areimplemented as a computer program running on the processor. Hence, thesystem or network node may alternatively be defined as a group offunction modules, where the function modules are implemented as acomputer program running on at least one processor.

The proposed technology provides a system 300 for constructing a trafficfilter enabling routing of data between a wireless device and a LocalService Cloud, LSC, based service provider providing service(s) and/orapplication(s) for the wireless device. The system comprises:

-   a communicating module 325 for obtaining information representing    the identity of the wireless device requesting an application to be    processed by the local cloud based service, and a representation of    an application identity identifying the application;-   a selecting module 335 for selecting, based on the application    identity, a Virtual Machine, VM, as the LSC based service provider    suitable to process the application for the wireless device; and-   a constructing module 345 for constructing a traffic filter based on    the information representing the identity of the wireless device,    the representation of the application identity and a representation    of the identity of the selected VM, the traffic filter providing    routing of data between the wireless device and the selected VM.

The computer program residing in memory may thus be organized asappropriate function modules configured to perform, when executed by theprocessor, at least part of the steps and/or tasks described herein. Anexample of such a system is illustrated in FIG.10.

The embodiments described above are merely given as examples, and itshould be understood that the proposed technology is not limitedthereto. It will be understood by those skilled in the art that variousmodifications, combinations and changes may be made to the embodimentswithout departing from the present scope as defined by the appendedclaims. In particular, different part solutions in the differentembodiments can be combined in other configurations, where technicallypossible.

REFERENCES

[1] US2013/0066936

[2] US 2013/0121207 A1

[3] US21013/0124712 A1

[4] US 2013/0279336

[5] US 2011/0235595

[6] US 2013/0165177 A1

[7] U.S. Pat. No. 8,607,074 B2

[8] WO 2013164403 A1

1-57. (canceled)
 58. A method for constructing a traffic filter enablingrouting of data between a wireless device and a Local Service Cloud(LSC) based service provider providing services or applications for thewireless device, the method comprising: obtaining informationrepresenting an identity of the wireless device requesting anapplication to be processed by a local cloud based service, and arepresentation of an application identity identifying the application;selecting, based on the application identity, a Virtual Machine (VM) asthe LSC based service provider suitable to process the application forthe wireless device; and constructing the traffic filter based on theinformation representing the identity of the wireless device, therepresentation of the application identity and a representation of anidentity of the selected VM, the traffic filter providing routing ofdata between the wireless device and the selected VM.
 59. The methodaccording to claim 58, wherein the traffic filter comprises one or moreof at least one uplink filter for routing of data from the wirelessdevice to the selected VM and at least one downlink filter for routingof data from the selected VM to the wireless device.
 60. The methodaccording to claim 58, wherein the identity of the wireless devicecomprises at least one of an international mobile subscriber identity(IMSI) signature of the wireless device, an internet protocol (IP)address of the wireless device and a medium access control (MAC) addressof the wireless device.
 61. The method according to claim 58, whereinthe selected VM is selected by determining conditional constraints thatoptionally restrict the wireless device's use of the application andusing the determined conditional constraints to reduce the number of VMssuitable to process the application for the wireless device.
 62. Themethod according to claim 61, wherein the conditional constraintscomprise constraints relating to whether the wireless device isauthorized to use the application.
 63. The method according to claim 61,wherein the conditional constraints comprise any of the following, orany combination of the following: constraints on a maximal limit fordelays or packet losses; security constraints rendering particular VMsnon-selectable; geographical access constraints rendering particular VMsnon-selectable; constraints on a network load rendering certain VMsnon-selectable; constraints on a VM-load rendering certain VMsnon-selectable; and constraints on latency limits making certain VMsnon-selectable.
 64. The method according to claim 58, wherein the stepof selecting the selected VM is based on information identifying aselection of VMs within a local cloud that are deemed suitable toprocess the application for the wireless device.
 65. The methodaccording to claim 64, wherein the information identifying the selectionof VMs is obtained from a Topology Data Base (TDB) carrying informationabout existing VMs within the local cloud and information aboutdeployment of applications.
 66. The method according to claim 64,wherein the step of selecting the selected VM comprises extracting atleast one VM from the selection of VMs by means of at least one TrafficEngineering (TE) algorithm.
 67. The method according to claim 66,wherein the at least one TE algorithm is any of the following, or anycombination of the following: a shortest path algorithm, counting anumber of hops among the selection of VMs, wherein a suitable VM,comprised in the selection of VMs, and is selected responsive to adetermination that the suitable VM adheres to a constraint on the numberof hops; a cost based optimization algorithm wherein a suitable VM,comprised in the selection of VMs, is selected based on a comparisonwith a cost threshold and an actual cost of processing; and a prioritybased optimization algorithm wherein a suitable VM, comprised in theselection of VMs, is selected based on priority values assigned to eachVM within the local cloud.
 68. The method according to claim 58, whereinthe step of constructing the traffic filter enabling routing of databetween the wireless device and the selected VM is based on informationrepresenting an internet protocol (IP) address of the selected VM. 69.The method according to claim 58, wherein the step of constructing thetraffic filter enabling routing of data between the wireless device andthe selected VM is based on information representing an identity of aVirtual Local Area Network (VLAN) hosting the selected VM.
 70. Themethod according to claim 69, wherein the step of constructing thetraffic filter enabling routing of data between the wireless device andthe selected VM, is also based on a medium access control (MAC) addressof the selected VM hosted by the VLAN.
 71. The method according to claim58, wherein the step of constructing the traffic filter enabling routingof data between the wireless device and the selected VM is based oninformation representing an identity of at least one bearer used forrouting data packets to the wireless device.
 72. The method according toclaim 71, wherein the step of constructing the traffic filter alsocomprises the step of providing a mapping between the at least onebearer used for routing data packets to the wireless device and theselected VM, thereby enabling routing of data packets between theselected VM and the wireless device over a connection link defined bysaid the at least one bearer.
 73. A system configured to construct atraffic filter enabling routing of data between a wireless device and aLocal Service Cloud (LSC) based service provider providing services orapplications for the wireless device, wherein the system comprises:processing circuitry configured to: obtain information representing anidentity of the wireless device requesting an application to beprocessed by a local cloud based service, and a representation of anapplication identity identifying the application; select, based on theapplication identity, a Virtual Machine (VM) as the LSC based serviceprovider suitable to process the application for the wireless device;and construct the traffic filter based on the information representingthe identity of the wireless device, the representation of theapplication identity and a representation of an identity of the selectedVM, the traffic filter providing routing of data between the wirelessdevice and the selected VM.
 74. The system according to claim 73,wherein the processing circuitry is configured to construct the trafficfilter to comprise one or more of at least one uplink filter for routingof data from the wireless device to the selected VM and at least onedownlink filter for routing of data from the selected VM to the wirelessdevice.
 75. The system according to claim 73, wherein the processingcircuitry is configured to obtain the identity of the wireless device byobtaining at least one of an international mobile subscriber identity(IMSI) signature of the wireless device, an internet protocol (IP)address of the wireless device and a medium access control (MAC) addressof the wireless device.
 76. The system according to claim 73, whereinthe processing circuitry is configured to select the selected VM bydetermining conditional constraints that optionally restrict thewireless device's use of the application and using the determinedconditional constraints to reduce the number of VMs suitable to processthe application for the wireless device.
 77. The system according toclaim 76, wherein the processing circuitry is configured to select theselected VM based on conditional constraints that comprise constraintsrelating to whether the wireless device is authorized to use theapplication.
 78. The system according to claim 76, wherein theprocessing circuitry is configured to select the selected VM based onconditional constraints that comprise any of the following, or anycombination of the following: constraints on a maximal limit for delaysor packet losses; security constraints rendering particular VMsnon-selectable; geographical access constraints rendering particular VMsnon-selectable; constraints on a network load rendering certain VMsnon-selectable; constraints on a VM-load rendering certain VMsnon-selectable; and constraints on latency limits making certain VMsnon-selectable.
 79. The system according to claim 73, wherein theprocessing circuitry is configured to select the selected VM based oninformation identifying a selection of VMs within a local cloud that aredeemed suitable to process the application for the wireless device. 80.The system according to claim 79, wherein the processing circuitry isconfigured to the obtain information identifying a selection of VMs froma Topology Data Base (TDB) carrying information about existing VMswithin the local cloud and information about deployment of applications.81. The system according to claim 79, wherein the processing circuitryis configured to select the selected VM by extracting at least one VMfrom the selection of VMs by means of at least one Traffic Engineering(TE) algorithm.
 82. The system according to claim 81, wherein theprocessing circuitry is configured to extract at least one VM based onat least one TE algorithm comprising any of the following, or anycombination of the following: a shortest path algorithm, counting anumber of hops among the selection of VMs, wherein a suitable VM,comprised in the selection of VMs, and is selected responsive to adetermination that the suitable VM adheres to a constraint on the numberof hops; a cost based optimization algorithm wherein a suitable VM,comprised in the selection of VMs, is selected based on a comparisonwith a cost threshold and an actual cost of processing; and a prioritybased optimization algorithm wherein a suitable VM, comprised in theselection of VMs, is selected based on priority values assigned to eachVM within the local cloud.
 83. The system according to claim 73, whereinthe processing circuitry is configured to construct the traffic filterenabling routing of data between the wireless device and the selected VMbased on information representing an internet protocol (IP) address ofthe VM.
 84. The system according to claim 73, wherein the processingcircuitry is configured to construct the traffic filter enabling routingof data between the wireless device and the selected VM based oninformation representing an identity of a Virtual Local Area Network(VLAN) hosting the selected VM.
 85. The system according to claim 84,wherein the processing circuitry is configured to construct the trafficfilter enabling routing of data between the wireless device and theselected VM, also based on a medium access control (MAC) address of theselected VM hosted by the VLAN.
 86. The system according to claim 73,wherein the processing circuitry is configured to construct the trafficfilter enabling routing of data between the wireless device and theselected VM based on information representing an identity of at leastone bearer used for routing data packets to the wireless device.
 87. Thesystem according to claim 86, wherein the processing circuitry isconfigured to construct the traffic filter by also providing a mappingbetween the at least one bearer used for routing data packets to thewireless device and the selected VM, thereby enabling routing of datapackets between the selected VM and the wireless device over aconnection link defined by the at least one bearer.
 88. The systemaccording to claim 87, wherein the processing circuitry is configured toconstruct the traffic filter by determining the at least one bearer tobe used for routing data packets from the selected VM to the wirelessdevice.
 89. The system according to claim 86, wherein the processingcircuitry is configured to construct the traffic filter by determiningthe at least one bearer used to route data packets to the wirelessdevice, the at least one bearer being at least one of: a Radio Bearer(RB), an evolved packet system (EPS) bearer and a Radio Access Bearer(RAB).
 90. The system according to claim 73, wherein the systemcomprises a memory, the memory comprising instructions executable by theprocessing circuitry, whereby the processing circuitry is operative toconstruct the traffic filter.
 91. The system according to claim 90,wherein the communication circuitry is configured to obtain theinformation representing the identity of the wireless device requestingthe application to be processed by the local cloud based service, andthe representation of the application identity identifying theapplication.
 92. A non-transitory computer-readable storage mediumstoring a computer program for constructing a traffic filter enablingrouting of data between a wireless device and a Local Service Cloud(LSC) based service provider providing services or applications for thewireless device, the computer program comprising instructions, whichwhen executed by at least one processor of a system configured toconstruct the traffic filter, cause the system to: read informationrepresenting an identity of the wireless device requesting anapplication to be processed by a local cloud based service, and arepresentation of an application identity identifying the application;select based on the application identity, a Virtual Machine (VM) as theLSC based service provider suitable to process the application for thewireless device; and construct the traffic filter based on theinformation representing the identity of the wireless device, therepresentation of the application identity and a representation of anidentity of the selected VM, the traffic filter providing routing ofdata between the wireless device and the selected VM.